Synonyms
Definition
Detection of denial-of-service (DoS) attacks
Background
Denial-of-service (DoS) attacks either use a resource-depletion strategy (where the resource is bandwidth, computation, or memory), or they target other kinds of vulnerabilities in critical protocols or devices whose failure will have DoS effects. In the following, the focus is on resource-depletion DoS attacks. Such attacks can be detected based on signatures developed through some type of “supervised” learning process. Alternatively, detection can be based on statistical anomalies (i.e., deviations from some characterization of “normal”) in observed patterns of resource consumption, together with a possibly dynamic assessment of the quantity of available resources that are targeted. In particular, anomaly detection can be based on learned behavioral profiles of packet flows (network monitor), or profiles of processes operating in network routers or in end hosts, including...
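An added example (not part of the encyclopedia entry) of the anomaly-based approach described above: an exponentially weighted profile of normal consumption of one resource, combined with a check on how much of the targeted resource remains. The class and function names, the thresholds and the sample counts are assumptions constructed for illustration.

```python
import math

class DepletionDetector:
    """Learned profile of resource use plus a check on remaining capacity."""

    def __init__(self, alpha=0.2, k=4.0, min_free=0.25, warmup=5):
        self.alpha, self.k = alpha, k          # EWMA weight, deviation multiplier
        self.min_free, self.warmup = min_free, warmup
        self.mean = self.var = 0.0
        self.n = 0

    def observe(self, used, capacity):
        """Classify one sample as 'normal', 'anomaly' or 'depletion'."""
        free = 1.0 - used / capacity           # capacity may change per sample
        if self.n >= self.warmup:
            # Floor the deviation so a very flat profile does not alert on noise.
            std = max(math.sqrt(self.var), 0.05 * self.mean, 1.0)
            if used > self.mean + self.k * std:
                # Anomalous samples are not learned, so a flood cannot
                # drag the "normal" profile upward while it is in progress.
                return "depletion" if free < self.min_free else "anomaly"
        self._learn(used)
        return "normal"

    def _learn(self, used):
        if self.n == 0:
            self.mean = float(used)
        else:
            d = used - self.mean
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        self.n += 1

def classify(samples, capacity):
    det = DepletionDetector()
    return [det.observe(u, capacity) for u in samples]

# Constructed sample: half-open connections per interval, table of 1024 slots.
SAMPLES = [100, 110, 95, 105, 98, 102, 108, 400, 900, 1000, 104]

if __name__ == "__main__":
    for used, label in zip(SAMPLES, classify(SAMPLES, 1024)):
        print(f"{used:5d}  {label}")
```

Because anomalous samples are never learned, a sustained legitimate shift in load keeps alerting until the profile is reset or retrained.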
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Kesidis, G. (2011). Denial-of-Service Detection. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_266
DOI: https://doi.org/10.1007/978-1-4419-5906-5_266
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer Science; Reference Module Computer Science and Engineering